[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: Insecure file upload in Berta CMS
From: Simon Waters <simon.waters () surevine ! com>
Date: 2015-03-30 11:35:43
Message-ID: 5A4D0468-0D68-487A-86B8-B28B04464F7A () surevine ! com
[Download RAW message or body]
> On 28 Mar 2015, at 05:47, cve-assign@mitre.org wrote:
>
> Signed PGP part
> > http://seclists.org/fulldisclosure/2015/Mar/155
>
> > We found that the file upload didn't require authentication.
> ...
>
> Use CVE-2015-2780 for this "didn't require authentication" issue.
Thanks
> The ability to bypass image validation by using certain .php files
> that begin with a "GIF89" substring might be considered a bug, but is
> perhaps not a security bug.
Your analysis is similar to mine, and private correspondence with the developer.
I've added a comment to PHP docs for getimagesize to remind folks it doesn't validate images, I \
don't think this is a bug.
It might be a useful feature for PHP to have a simple file upload validation (Image magick has \
one), but there is no guarantee that valid files won't be misinterpreted as malicious if you \
can get them interpreted in an inappropriate context.
["signature.asc" (signature.asc)]
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQEcBAEBCgAGBQJVGTUQAAoJEHT1d47Kem8YO5MIANokfHlOWCWOqJnJbDLgDv72
1EeRPIRnVIfriiIdeeboI/tJAibVIVtbBfonUNIoRqaTNZzOzBoXtJNF6x4S3oTW
Ac008LqmzbEv+HJjXi6QgJa0wvCW9sHDngurjbvD0WWtiyZiBf7QKQPDOzoPD3cn
gj+DnupgSl07s1u3drKwwv6PQrkpotoUrQztwftxxIL+uYIFoJZgXpeVSS6W9gpX
JKepBFO89AjvLtc6vpI/fkYbjUjdDKwxQLCPg1AGTJ6hfOQ4maS2sOA+ydvRudV5
x0CqpKmc4r5DNnVeLRVSdXP9hVhnSLo9z8wl6EUSZUivclYkNroLjGXMic2QcAY=
=hNA9
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic